Forum Replies Created
mosx86
Participant
[QUOTE][u]Quote by: dbhnyc[/u][p]I have an ad agency client with an old xserve for a file server. They have 13 Mac users for creative work (Quark, CS4, etc) and 20 PC users doing account/administrative work. They also have an in-house Exchange server for email. They have 2 logins currently, one for file server and one for email.
It is time for a new file server and the big question is Windows or Mac for the file server. In the past my experience with hosting macs on a windows server was awful. We needed 3rd party software to make it work. But that was in the NT4 days. I have not tried it since.
Goals
Single logon (AD or OD/AD)
Mac and Windows users accessing same file shares.
I am comfortable using either server software.
Mac file server
Pros;
1. I have used it before and it works. (without AD)
Cons;
1. No xserve -> no redundant power supply
2. OS X server AD integration
Windows file server
Pros;
1. Single server OS
2. Proper server hardware
Cons;
1. Macs connecting via SMB
I think it comes down to what is the bigger headache, getting Mac clients to work with a Windows server or getting the Apple server to work with AD.
Thoughts?
Thanks[/p][/QUOTE]
It’s probably easier to integrate the Macs into the PC infrastructure. If you’re going to be running directory services, Apple’s OD and SMB implementation are not compatible with Win7. You’d have to use something like pGina on the PCs to get them to authenticate.
mosx86
Participant
So basically, there is no way to disable this?
mosx86
Participant
Probably don’t want to hear this but have you looked at pGina?
August 13, 2010 at 11:36 pm in reply to: Fedora 3.4.8 PDC smbldap-tools integration with 10.6 ODM #379269
mosx86
Participant
It is turning out to be a bit more complicated. After poking around we’ve done the following:
• Replaced Apple’s samba.schema with the schema included by our samba 3 installation on the PDC.
• Edited apple.schema to match the new Samba 3 attributes/objectclasses.
• Edited slapd_macosxserver.conf to match apple.schema changes.
When slapd is relaunched, the new objectclasses and attributes are not visible in the schema. Since we had pre-populated the ODM with test users, we thought that since the database had been created our modifications to the schema were not sticking (have not found documentation for or against that notion). We decided to demote the ODM to standalone and promote back ODM to recreate the database, but we then discovered that both slapd.conf and slapd_macosxserver.conf files are destroyed and recreated.
After scouring the system drive, I am unable to locate any master files these may be pulled from.
Any ideas?
mosx86
Participant
Where is xftp installed? When it’s running, what user owns it?
mosx86
Participant
[QUOTE][u]Quote by: gneagle[/u][p]SSH is used if you turn on server-side file tracking – an SSH connection is made from the client to the server to obtain the list of items changed on the server.
-Greg[/p][/QUOTE]
Alright, that makes a lot of sense for the problems we’re seeing… Do you know of any way to modify the port that SSHRemotePrepareForSync uses?
mosx86
Participant
1:: [616] PHD:-[SSHRemotePrepareForSync handleStderrLineOrEOF:]: SSH: Connection refused
Does anyone know if there is a way to specify the port that SSHRemotePrepareForSync uses?
October 20, 2008 at 7:00 pm in reply to: Some users not able to log in to OD bound clients (10.5) #374508
mosx86
Participant
[QUOTE][u]Quote by: MacTroll[/u][p]You can su with a password? Or just su from root?
Typically if auth works, but the loginwindow shakes you off it’s a home directory issue.[/p][/QUOTE]
Even if it were a home directory issue, shouldn’t I see an attempt to auth first? Also, the network home server in question (10.4.11) has three network home shares on it. Some of the accounts are fine, I’m wondering if this could be a problem with automount.
mosx86
Participant
[QUOTE][u]Quote by: racohen415[/u][p]I want to prune old users from my 10.4 server. Is there a command or a script that will show me the last time one of the network home users logged into their account? I’ve found that the terminal command ‘last’ will only give me the user data for the server. So I can see the last time the admin user logged into the server but I need the last time one of my network home users logged into their account. Any ideas?
Thanks,
Rick[/p][/QUOTE]
If all you’re doing is network homes (not email) you could dump your password database and it will show the last date that each account authenticated.
mosx86
Participant
We experience something like this on occasion. For us it seems to be that either the client or server has no idea who the user is. Next time it happens try to do an ls -alF of the user home in terminal and see what is returned. If you see numbers instead of usernames, try HUPing DirectoryService.
mosx86
Participant
[QUOTE][u]Quote by: wstrucke[/u][p]I’m also having a similar problem. all of my servers are joined to the open directory without a problem but I can not get a single one of them to join the kerberos realm. when i click join kerberos realm, enter the delegated credentials, the box thinks for a minute, disappears, but the server is not actually joined.
i never had a problem doing this in tiger so this is rather frustrating.
anyone have any ideas?[/p][/QUOTE]
I too am having the same exact problem, however while the server does not think it’s joined the kerberos realm, if you dump the KDC on the ODM all the principals have been created. As far as I can tell services are kerberized, but the server simply doesn’t think it is.
mosx86
Participant
[QUOTE][u]Quote by: stevececil[/u][p]I did that and “no matching processes were found”[/p][/QUOTE]
That’s kind of strange…
sudo killall -HUP DirectoryService
Make sure there is no space between Directory and Service…
mosx86
Participant
Before going through the process of un-binding and then re-binding the hosts, have you tried HUPing Directory Services?
sudo killall -HUP DirectoryService
mosx86
Participant
[QUOTE][u]Quote by: Vegan_admin[/u][p]This is exactly what my log says as well… hope you find a solution…
This is really annoying more of my users upgrade to Vista…[/p][/QUOTE]
Talk about a late response (by me)…
The only tool I know that can check NTLMv2 passwords is “ntlm_auth.” However I get winbind errors when using it and as far as I can tell winbindd isn’t running on any of my Tiger SMB servers or PDC/BDC.
mosx86
Participant
[QUOTE][u]Quote by: joshuaw[/u][p]Has anyone successfully implemented a method of chroot ‘ing ssh clients on a Mac OS X Server 10.5.2? Any help or information is greatly appreciated.[/p][/QUOTE]
The latest security update upgrades OpenSSH to version 5.1 (10.4.11 and 10.5.5) which has built in jailing… Unfortunately I’m still getting the same error as when I tried to roll my own…
sshd[260]: fatal: bad ownership or modes for chroot directory component “/”
I haven’t found a real good answer yet, but probably the clearest documentation I’ve found so far is here:
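The sshd message quoted in the post above comes from the check OpenSSH applies to `ChrootDirectory`: every component of the path, starting at `/`, must be a root-owned directory that is not writable by group or others. The following is an added example, not part of the original post; the function names and the sample ownership values are constructed for illustration, and it reproduces that check to show which component fails.

```python
import os
import stat
import sys

def component_problem(st, owner_uid=0):
    """Return why sshd would reject this path component, or None if it passes."""
    if not stat.S_ISDIR(st.st_mode):
        return "not a directory"
    if st.st_uid != owner_uid:
        return f"owned by uid {st.st_uid}, expected {owner_uid}"
    if st.st_mode & 0o022:
        return f"group/world-writable (mode {stat.S_IMODE(st.st_mode):04o})"
    return None

def check_chroot_path(path, stat_fn=os.stat):
    """Walk from "/" down to path and return [(component, problem), ...]."""
    path = os.path.abspath(path)
    components = ["/"]
    for part in path.strip("/").split("/"):
        if part:
            components.append(os.path.join(components[-1], part))
    failures = []
    for comp in components:
        # stat_fn follows symlinks, as sshd's stat() call does.
        problem = component_problem(stat_fn(comp))
        if problem:
            failures.append((comp, problem))
    return failures

# Constructed sample (not taken from the post): "/" is root-owned but
# group-writable, which is enough to be rejected at component "/".
# Tuple order: mode, ino, dev, nlink, uid, gid, size, atime, mtime, ctime.
SAMPLE = {
    "/": os.stat_result((stat.S_IFDIR | 0o1775, 0, 0, 1, 0, 80, 0, 0, 0, 0)),
    "/jail": os.stat_result((stat.S_IFDIR | 0o755, 0, 0, 1, 0, 0, 0, 0, 0, 0)),
    "/jail/home": os.stat_result((stat.S_IFDIR | 0o755, 0, 0, 1, 501, 20, 0, 0, 0, 0)),
}

if __name__ == "__main__":
    # Check a real path given on the command line (defaults to "/").
    target = sys.argv[1] if len(sys.argv) > 1 else "/"
    for comp, problem in check_chroot_path(target):
        print(f"{comp}: {problem}")
```

Run against the intended jail path on the server, it lists each component that does not meet the ownership and mode requirements; no output means the path passes this check.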